On Mon, Jul 28, 2014 at 09:57:51PM +0400, Alexey Perevalov wrote:
> Two additional NFACCT_F* was introduced for ability to reset
> counters with and without quota separately.
>
> It could be useful when client has to reset counters and wants to keep
> quotas untouched or vice versa without flushing and renewing.
>
> Signed-off-by: Alexey Perevalov <a.perevalov@xxxxxxxxxxx>
> ---
> include/uapi/linux/netfilter/nfnetlink_acct.h | 2 ++
> net/netfilter/nfnetlink_acct.c | 30 ++++++++++++++++++++-----
> 2 files changed, 27 insertions(+), 5 deletions(-)
>
> diff --git a/include/uapi/linux/netfilter/nfnetlink_acct.h b/include/uapi/linux/netfilter/nfnetlink_acct.h
> index 51404ec..1181c8e 100644
> --- a/include/uapi/linux/netfilter/nfnetlink_acct.h
> +++ b/include/uapi/linux/netfilter/nfnetlink_acct.h
> @@ -18,6 +18,8 @@ enum nfnl_acct_flags {
> NFACCT_F_QUOTA_PKTS = (1 << 0),
> NFACCT_F_QUOTA_BYTES = (1 << 1),
> NFACCT_F_OVERQUOTA = (1 << 2), /* can't be set from userspace */
> + NFACCT_F_RESET_COUNTERS = (1 << 3),
> + NFACCT_F_RESET_QUOTAS = (1 << 4),
> };
>
> enum nfnl_acct_type {
> diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c
> index 2baa125..1f47503 100644
> --- a/net/netfilter/nfnetlink_acct.c
> +++ b/net/netfilter/nfnetlink_acct.c
> @@ -121,9 +121,23 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
> return 0;
> }
>
> +static inline bool
> +is_counters_reset(u32 nfacct_flags, unsigned long counter_flags)
> +{
> + return nfacct_flags & NFACCT_F_RESET_COUNTERS &&
> + !(counter_flags & NFACCT_F_QUOTA);
> +}
> +
> +static inline bool
> +is_quotas_reset(u32 nfacct_flags, unsigned long counter_flags)
> +{
> + return nfacct_flags & NFACCT_F_RESET_QUOTAS &&
> + counter_flags & NFACCT_F_QUOTA;
> +}
I think you can use the existing flags, ie.
1) If no flag is set, it means that userspace wants to dump/reset
everything.
2) If NFACCT_F_QUOTA_PKTS is set, it means that userspace wants to
dump/reset only packet-based quotas.
3) If NFACCT_F_QUOTA_BYTES is set, it means that userspace wants to
dump/reset only byte-based quotas.
4) If NFACCT_F_QUOTA_PKTS|NFACCT_F_QUOTA_BYTES are set, any accounting
object with quota is dump/reset.
5) If NFACCT_F_OVERQUOTA is set, only objects overquota are reset.
... Basically, you could even make any possible combination. I think
that should be flexible enough for all cases.
Therefore:
> static int
> nfnl_acct_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
> - int event, struct nf_acct *acct)
> + int event, struct nf_acct *acct, u32 nfacct_flags)
> {
> struct nlmsghdr *nlh;
> struct nfgenmsg *nfmsg;
> @@ -143,7 +157,9 @@ nfnl_acct_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
> if (nla_put_string(skb, NFACCT_NAME, acct->name))
> goto nla_put_failure;
>
> - if (type == NFNL_MSG_ACCT_GET_CTRZERO) {
> + if (type == NFNL_MSG_ACCT_GET_CTRZERO &&
> + (!nfacct_flags || is_counters_reset(nfacct_flags, acct->flags) ||
> + is_quotas_reset(nfacct_flags, acct->flags))) {
Replacing this:
acct->flags & nfacct_flags == nfacct_flags
I think it should be enough.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
